This guide is useful if you're using HostBill Multi-Brand module on HostBill Enterprise install. This guide assumes you're familiar with linux file editors (like vim or nano).
Replace any occurrence of yourbrand.com below with hostname you're adding |
Issuing CSR / private key for new certificate:
Lets first create dir to store certificate requests and private keys. Login to your HostBill server using ssh and issue following commands:
mkdir /etc/ssl/certificates cd /etc/ssl/certificates/ |
Next, we'll issue CSR for new host, you will be prompted with a series of questions, answer them (when asked about passphrase you can leave it blank):
openssl req -new -newkey rsa:2048 -nodes -keyout yourbrand.com.key -out youtbrand.com.csr |
Issue SSL certificate
Use generated CSR with your SSL Certificates reseller to generate certificate. Once ready, paste its contents to:
/etc/ssl/certificates/yourbrand.com.crt |
Placing your site certificate at top of said file, followed by Intermediate certificate (if any)
Adding new vhost (server block) to nginx:
Make a copy /etc/nginx/conf.d/main.conf file:
cp /etc/nginx/conf.d/main.conf /etc/nginx/conf.d/yourbrand.com.conf |
Update ssl_certificate* and server_name blocks in /etc/nginx/conf.d/yourbrand.com.conf file:
include /etc/nginx/upstreams/*.conf; server { listen 80; server_tokens off; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name yourbrand.com www.yourbrand.com; server_tokens off; charset utf-8; sendfile on; tcp_nopush on; tcp_nodelay off; reset_timedout_connection on; location ~* ^.+\.(jpg|gif|png|css|js|swf|ico)$ { access_log off; log_not_found off; expires 1y; } include /etc/nginx/ssl.conf; include /etc/nginx/locations/*.conf; ssl_certificate /etc/ssl/certificates/yourbrand.com.crt; ssl_certificate_key /etc/ssl/certificates/yourbrand.com.key; } |
Reload nginx to apply new site block + ssl certificate:
systemctl reload nginx |